9
Firefox 115 released (www.mozilla.org)
submitted 1 year ago* (last edited 1 year ago) by hal_5700X@lemmy.world to c/firefox@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] mojo@lemm.ee -1 points 1 year ago

Certain Firefox users may come across a message in the extensions panel indicating that their add-ons are not allowed on the site currently open. We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns.

What is this bullshit? Feel like this will lead to adblocks being blocked for certain websites under the guise of "security", aka: we don't have to justify shit to you.

[-] Vincent@feddit.nl 1 points 1 year ago

It's not going to inconvenience you that much, and the proof for that is that this has always been the case: extensions would never run on e.g. addons.mozilla.org. This makes sense; you don't want extensions to trick you into installing other extensions, for example, or to hijack your sync password.

It looks like the main change is that this actually loosens this restriction: it looks like some trusted extensions from now on will be allowed.

[-] Azzu@lemm.ee 0 points 1 year ago* (last edited 1 year ago)

Is there even some way to see which addons this applies to on which websites? I can't find anything. Or am I just going to find out randomly while browsing?

[-] gears@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

I was curious as well so I looked at the git tree. I'm not familiar with Firefox code, but I'm assuming I found the list:

pref("extensions.webextensions.restrictedDomains", 
"accounts-static.cdn.mozilla.net,accounts.firefox.com,
addons.cdn.mozilla.net,addons.mozilla.org,
api.accounts.firefox.com,content.cdn.mozilla.net,
discovery.addons.mozilla.org,install.mozilla.org,
oauth.accounts.firefox.com,profile.accounts.firefox.com,
support.mozilla.org,sync.services.mozilla.com");

From here

So it looks like it's mostly to do with the account system of Firefox. I'm not sure why their websites would need special protection, but whatever. It's not malicious, for now

[-] Azzu@lemm.ee 1 points 1 year ago

Thanks! Nicer list:

  • accounts-static.cdn.mozilla.net
  • accounts.firefox.com
  • addons.cdn.mozilla.net
  • addons.mozilla.org
  • api.accounts.firefox.com
  • content.cdn.mozilla.net
  • discovery.addons.mozilla.org
  • install.mozilla.org
  • oauth.accounts.firefox.com
  • profile.accounts.firefox.com
  • support.mozilla.org
  • sync.services.mozilla.com
[-] Lichtblitz@discuss.tchncs.de 1 points 1 year ago

Makes sense. You don't want Addons to navigate to the addons page and install other addons. You also don't want to give them access to the firefox sync data through your account to do the same from that end.

[-] bahmanm@lemmy.ml 0 points 1 year ago
[-] PaulDevonUK@lemmy.world -1 points 1 year ago

1st thing to do on every release from now on.

This is a step too far for me. My device, my choice of browser and I am adult enough to make my own decisions.

[-] maiskanzler@feddit.de 1 points 1 year ago

Oh come on, it's still a free and open source browser. As seen in the other comments, it's a badly worded security feature for firefox internal pages and mozilla pages.

It's not going to kill adblock, it won't send your data everywhere and it can be disabled through an option as well as by simply building firefox yourself.

Everybody should stop being so negative towards open source developers.

[-] FeelzGoodMan420@eviltoast.org 3 points 1 year ago

Did everyone in this thread drink the conspiracy theory kool-aid or something? The accusations here are wild.

this post was submitted on 04 Jul 2023
9 points (100.0% liked)

Firefox

17302 readers
37 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS